On Wed, May 29, 2002 at 02:47:35PM +0200, Martin Kraemer wrote:
> But IMO we need to have a way to parse the hex string and detect an
> integer overflow at the same time. If an overflow occurs, then
> a 4XX message is appropriate (400 Bad Request rather than
> 413 Request Entity Too Large)

I mostly agree on the codes (not that it matters that much if it's 400 or 413, but I'm sure Roy has an opinion on this). I would think that 400 makes sense for overflow, but then again, if we can't handle the size it's not really a bad request...

> Then, as a second step (if the number parsed all right, even if it
> was incredibly long, as in this chunk of 33 bytes:
> 000000000000000000000000000000000000000000000000000000021 CRLF
> ) we can try and verify whether we accept the size. For that, we
> have an upper limit defined by "LimitRequestBody bytes".
> Anything beyond that can impossibly be accepted.

With this I completely agree, but I think this is already happening. I'd need to review the code to be sure.

Thanks for the leading-zeros hint, I'll fix that momentarily.

-aaron
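
The two steps discussed in this thread (parse the hex chunk size while detecting overflow, then compare the result with a configured limit), as an added example that is not part of the original message and is not httpd's code. The names `chunk_status`, `parse_chunk_hex` and `check_chunk_size` are hypothetical, the input is constructed, and a limit of 0 is assumed to mean "no limit".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not httpd's own). */
enum chunk_status { CHUNK_OK, CHUNK_BAD_SYNTAX, CHUNK_OVERFLOW, CHUNK_TOO_LARGE };

/* Step 1: parse hex digits, refusing any digit that would overflow 64 bits. */
static enum chunk_status parse_chunk_hex(const char *s, size_t len, uint64_t *out)
{
    uint64_t v = 0;
    if (len == 0)
        return CHUNK_BAD_SYNTAX;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        unsigned d;
        if (c >= '0' && c <= '9')      d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a') + 10;
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A') + 10;
        else return CHUNK_BAD_SYNTAX;
        /* Shifting left by 4 drops the top nibble; it must be zero first.
         * Leading zeros keep v at 0, so digit count alone never trips this. */
        if (v >> 60)
            return CHUNK_OVERFLOW;
        v = (v << 4) | d;
    }
    *out = v;
    return CHUNK_OK;
}

/* Step 2: only a cleanly parsed size is compared with the limit.
 * Assumption of this example: limit == 0 means "no limit". */
static enum chunk_status check_chunk_size(const char *s, size_t len,
                                          uint64_t limit, uint64_t *out)
{
    enum chunk_status st = parse_chunk_hex(s, len, out);
    if (st != CHUNK_OK)
        return st;
    return (limit != 0 && *out > limit) ? CHUNK_TOO_LARGE : CHUNK_OK;
}

int main(void)
{
    const char *padded = "000000000000000000000000000000021"; /* constructed input */
    uint64_t size = 0;
    enum chunk_status st = check_chunk_size(padded, strlen(padded), 1024, &size);
    printf("status=%d size=%llu\n", (int)st, (unsigned long long)size);
    return 0;
}
```

Keeping overflow and over-limit as separate results leaves the choice of response code (400 or 413) to the caller.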